IdentityProviderPolicy may be incorrect
From #290710 (comment 459610359), I am developing a new cop.
It seems like ee/app/policies/ee/identity_provider_policy.rb has a similar bug?
/cc @igor.drozdov @stanhu @robotmay_gitlab @plafoucriere
$ be rubocop --only Gitlab/PolicyRuleBoolean --parallel -- app/policies/ ee/app/policies/
Inspecting 124 files
.................................................................................................C..........................
Offenses:
ee/app/policies/ee/identity_provider_policy.rb:29:7: C: Gitlab/PolicyRuleBoolean: && is not allowed within a rule block. Did you mean to use &?
rule { managed_group && last_group_saml_owner }.prevent(:unlink)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
124 files inspected, 1 offense detected
Kept confidential for now, until we can talk more about #290710 (closed). Otherwise, this can be public as I don't think this is a security issue per se.
Definition of done
- Remove usage of && in EE::IdentityProviderPolicy
- Backfill specs for the related rules
- If it is determined that the usage of && is a security issue (gives users more access than they should have), open a security MR
- If it is determined that the usage of && is NOT a security issue, mark this issue as non-confidential
- If it is determined that the usage of
Edited by Jessie Young
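Added illustration of why the cop flags `&&` (this is constructed example code, not code from the issue or from GitLab's DeclarativePolicy): in a policy DSL whose conditions are objects, `&&` is ordinary Ruby short-circuit logic and returns only the right-hand condition, while `&` composes both. The condition bodies and the subject hash below are assumptions made up for the demonstration.

```ruby
# Constructed stand-in for a policy DSL whose conditions are objects, not
# booleans (illustrative only; not GitLab's DeclarativePolicy implementation).
class Condition
  attr_reader :name, :pred
  def initialize(name, &pred)
    @name = name
    @pred = pred
  end
  # `&` is a method on the condition object: it composes both conditions.
  def &(other)
    Condition.new("(#{name} & #{other.name})") do |subject|
      pred.call(subject) && other.pred.call(subject)
    end
  end
  # True when the condition holds for the subject being evaluated.
  def pass?(subject)
    !!pred.call(subject)
  end
end

# Conditions named as in the flagged rule (their bodies are constructed here).
MANAGED_GROUP = Condition.new("managed_group") { |s| s[:managed_group] }
LAST_GROUP_SAML_OWNER =
  Condition.new("last_group_saml_owner") { |s| s[:last_group_saml_owner] }

# The flagged form: `&&` is plain Ruby short-circuit logic. A Condition object
# is always truthy, so the expression returns the right-hand operand and
# `managed_group` silently drops out of the rule.
def buggy_rule
  MANAGED_GROUP && LAST_GROUP_SAML_OWNER
end

# The form the cop suggests: `&` builds a condition that requires both.
def fixed_rule
  MANAGED_GROUP & LAST_GROUP_SAML_OWNER
end

# Constructed subject: last SAML owner of a group that is NOT managed.
UNMANAGED_LAST_OWNER = { managed_group: false, last_group_saml_owner: true }.freeze

# Returns the name of the condition each rule actually evaluates, so the
# dropped condition is visible, plus whether each would prevent :unlink here.
def compare_rules(subject = UNMANAGED_LAST_OWNER)
  {
    buggy: [buggy_rule.name, buggy_rule.pass?(subject)],
    fixed: [fixed_rule.name, fixed_rule.pass?(subject)],
  }
end
```

Running compare_rules shows the buggy rule evaluating only last_group_saml_owner (and therefore preventing :unlink for the unmanaged-group subject), while the fixed rule evaluates both conditions and does not.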